Just to elaborate (you've all probably figured this out by now), the JNDIPrincipalStore actually *searches* your LDAP server for users/groups. The configuration settings you give describe the search parameters. The deciding factor on performance is how many results are returned by the search. If you have a lot of users/groups Slide will take a long time to start. It takes about a minute for me with 28,000 user accounts.
-James On Mon, 2005-02-28 at 09:48 +0000, Miguel Figueiredo wrote: > Hello Jacob, > > The JNDIStore does not look for anything here. The configuration u give to > her, tells her 'what is what, and where is it' ... Hmmm, with others words, > the configuration tells the LDAP/Active Directory server what kind of > objects she is looking for, and where she expects to be found. When you > start configuring it, you will get more insightful regarding this statement. > > When the JNDIStore asks something to the server, it asks by means of a bind > request, and the server shall have the responsibility to find objects, in > the configured places, that match the bind request. 'Modus Operandis' of the > LDAP or Active Directory is exactly the same regarding the bind operation, > the difference comes in the schemas they offer: standard schemas with LDAP, > proprietary but standard-based schema on Active Directory (M$ strikes again > :P ). > > Also, as you correctly stated, most companies split users and groups in > several OUs. I'm glad to report that the JNDIStore is generic enough to > adapt it's configuration to any deployment choices (at least we did not > found any trouble in its configuration until now). > > Hope this helps, > Miguel Figueiredo > > > > -----Original Message----- > From: Jacob Lund [mailto:[EMAIL PROTECTED] > Sent: segunda-feira, 28 de Fevereiro de 2005 8:46 > To: Slide Users Mailing List > Subject: Re: LDAP Connection Error > > Well - you mentioned exactly what I have been wondering about! > > Most companies split users and groups in several OUs (Organizational units). > > Can the JNDIStore search through the AD and fetch all users and groups, also > > how will that affect the performance? > > I have an AD with several OU ready for testing, but I have not had the time > to look into this deeper yet! > > /jacob > > ----- Original Message ----- > From: "John Gilbert" <[EMAIL PROTECTED]> > To: "Slide Users Mailing List" <slide-user@jakarta.apache.org>; "Slide Users > > Mailing List" <slide-user@jakarta.apache.org> > Sent: Friday, February 25, 2005 4:14 PM > Subject: RE: LDAP Connection Error > > > There isn't much to say. I just follow the instructions I found in the > comment block of the source code and the postings to the user group. There > was nothing too special for AD. > > Here is a link to a posting by James Mason. > http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/conf/webapp/JNDI-Domain. > xml?rev=1.2&view=auto > > I did have to play with the jndi.attributes.groupmemberset and > jndi.search.filter settings settings. > Just use any old ldap browser to browse the schema. > > One thing I have found is that AD admins seem to like spreading their groups > > and people around in the tree, instead of having a single people root and a > single groups root. I don't think the JNDIPrincipalStore handles this case, > but I didn't have time to test it thoroughly. It might have to do with the > jndi.search.scope setting. > > Also having the passwords in cleartext has been a battle. > > > > ________________________________ > > From: Jacob Lund [mailto:[EMAIL PROTECTED] > Sent: Fri 2/25/2005 5:53 AM > To: Slide Users Mailing List > Subject: Re: LDAP Connection Error > > > > Hi John! > > I would like to create a Wiki on how to integrate slide with an AD! > > Would you mind sharing your configuration of the JNDIPrincipalStore, realm > and other experiences on this integration? > > Thanks > /Jacob > > ----- Original Message ----- > From: "John Gilbert" <[EMAIL PROTECTED]> > To: "Slide Users Mailing List" <slide-user@jakarta.apache.org> > Sent: Thursday, February 24, 2005 4:33 PM > Subject: LDAP Connection Error > > > I am using the JNDIPrincipalStore to connect to Active Directory to > retrieve Users and Roles. Everything works fine for a while. > > Then it eventually gets a connection error and I have to restart the > Slide war. I have several other applications connecting to the same > > Active Directory instance and they are not experiencing any problems or > may be they are handling the error and reconnecting automatically. > > > > Has anyone had this problem? > > Is the JNDIPrincipalStore supposed to gracefully reconnect? There is > nothing for this in the code. Is this handled by the framework? > > > > Thanks > > John > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
